Permissions on server

Similar Messages

• Propagate permissions with Server Admin?

  Can someone help me change permissions using Server Admin under Mac OS X10.5.7?
  I am able to set permissions to a single file or folder, but when I go to propagate the permissions to sub folders and files server admin just hangs. The status bar pops down and spins until I force quit. The permissions never propagate.... This is driving me nuts! ( I could do it by file by file, folder by folder but I have thousands to change.)
  Am I doing something wrong? This seemed to work fine in past versions of the OS....
  Thanks,
  Robert
  Message was edited by: Robert LaRocca

  A better way to propagate permissions is to use chmod to set your ACL. See the following post for a basic example that resets ACLs and adds a new one granting read/write access for a group:
  http://discussions.apple.com/thread.jspa?messageID=9488313&#9488313
  As mentioned, you could simply change the POSIX permissions to 0777 (which grants read and write for the POSIX owner, POSIX group, and POSIX everyone fields). This solution will not apply the same permissions to newly-created files or folders and copied items, however.
  This means that you'll have to continue propagating permissions (chmod -R 0777 /example) each time a new file or folder is created or copied. Not fun.
  Using an ACL entry that has file_inherit and directory_inherit controls will ensure that the particular ACL entry is inherited to a newly-created or copied file or folder.
  See my other posts for a detailed explanation of how new, copied, or moved items get their permissions:
  http://discussions.apple.com/message.jspa?messageID=9209840#9209840
  and
  http://discussions.apple.com/message.jspa?messageID=9134807
  Hope this helps!
  --Gerrit

• How can a trusted applet get permissions on server

  Hello all,
  I have just now read some tutorial about Trusted Applet and not even experimented one. So my knowledge is absolutely zero.
  I would like to use Trusted Applets in my environment which I describe below:
  I have a database server on a Linux machine. On the same machine I have Apache web server. I want to deploy an applet in the Apache server so that all my clients can use it with a web browser. I want my applet to get permissions to connect to the database and retrieve the results etc., when any client uses my applet by connecting to the Apache server.
  According to what I understand from the Trusted Applet tutorial, they are used in an exactly opposite environment, meaning: to get permissions on the client machine to access the local file system etc., and their purpose is not to get permissions on the server.
  Could anyone please give me some detailed instructions on how to use Trusted Applet in my environment.
  Best regards,
  Gopal.

  Hello,
  I forgot to add one point: my Server machine has JDK 1.4.1_01
  Best,
  Gopal.

• Setting workgroup backup permissions for server admin user

  I apologize in advance for what is probably a trivial question. At school I have set up a Tiger server on a PPC desktop. Open directory is implemented and managed remotely on my personal desktop machine using Workgroup manager. The local server admin account is different from the remote workgroup manager account. I have been backing up using rsync from my machine by logging in with ssh and the Workgroup manager account. Now I want to use ChronoSync on the server machine to set up a simple incremental backup routine. The problem is that ChronoSync runs under the server admin account which does not have permissions to access the group accounts. What is the best way for me to give the server admin account "global" permissions so it can backup the files and directories that were set up using Workgroup manager?
  iMac Intel Mac OS X (10.4.9)
  iMac Intel   Mac OS X (10.4.9)  

  Hi,
  User Account Control treats members of the Administrators group as standard users.
  With UAC enabled, members of the local Administrators group run with the same access token as standard users. Only when a member of the local Administrators group gives approval can a process use the administrator’s full access token. This process is the
  basis of the principle of Admin Approval Mode.
  When an administrator logs on to Windows Vista or newer, the Local Security Authority (LSA) creates two access tokens. If LSA is notified that the user is a member of the Administrators group, LSA creates the second logon that has the administrator rights
  removed (filtered).
  To work around this issue, use the net use command together with a UNC name to access the network location.
  Programs may be unable to access some network locations after you turn on User Account Control in Windows Vista or newer operating systems
  http://support.microsoft.com/kb/937624
  Regards,
  Mandy
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Time Machine Permissions with Server Update 2.2

  I rebuilt our Mac Mini server and did it using the latest version of Server (v. 2.2) just released. I noticed that when I activate the Time Machine service on OS X Server that my clients could not connect in (receiving OSStatus Error (5) on those machines). So, when looking at the permissions for the "Backups" share in File Sharing on the Server (using the Server app), I noticed that there were no permissions for anyone other than the Administrator.
  I added a group of employees and then those machines are able to successfully use Time Machine and backup to the server's external Time Machine disk. The problem is that those backups do not appear with the little red "minus" sign next to them. So, someone could grab someone else's backup and copy it.
  It seems this new version of Server Update may have changed the way permissions are provisioned for clients to be able to backup to.
  Anyone else seeing this behavior or have any thoughts on this?
  Thanks,
  Bob

  Solved this permissions issue. Use the Mac's Disk Utility to format the backup drive - do not use the vendor's supplied disk management utility to format it. I am running a thunderbolt Drobo now and had the same issue using Drobo's software. Once you format the drive using the Mac's Disk Utility, you will see a group of "staff" with read/write permissions. Other network users will not have access to other time machine backups.

• Problem with watermarking/permissions on server files

  Hello,
  I've got a problem when trying to add a Waternark to PDFs exported from InDesign.
  I'm working from an Apple XServe server with InDesign CS5.
  I've set up my watermark template in Acrobat and saved it - but when I try to add it to the PDF, it tells me I do not have sufficient permissions.
  However, I've noticed that if I save the artwork to my desktop, then make the PDF, Acrobat lets me add the watermark. The same thing happens if I make a new (unsaved) document.
  So I don't know where the issue lies. In Acrobat? InDesign? Or the server.
  Can somebody help?
  Thanks!

  One problem jumps out at me right away, when you close your folder, you specify false, change this to true and that should delete all the messages on the server that were marked as DELETE:
  in the last few lines, change:
  folder.close(false);
  to:
  folder.close(true);
  you will still need to use:
  message.setFlag(Flags.Flag.DELETED,true);
  to set the flag of the messages you wish to delete.

• Disappearing folder permissions from Server

  I have a Mavericks Mac that is binded to Active Directory. I am able to mount a server and the access shared folders. Once I close the Finder window and then re-open, the permission to the folder gets denied. I receive an error "The folder foldername can't be opened because you don't have permission to see its contents."
  I can re-mount the server and the folder will be accessable again. And this is the only server that is having this issue. I am able to re-connect to other servers just fine without lossing permissions. She is still able to browse to the folder from her Windows machine and her account doesn't get locked out.
  Any ideas?

  Assuming that the XServe RAID is attached to said XServe, there is no problem. The fact that it's a server isn't relevant.

• Inherit Permissions without server purchase

  The issue of not being able to allow me to enable a folder to inherit permissions is a problem. all mac os previous to X would let me do that. Even all windows os will let me do that. I've heard it's for improved security but at this point I would rather have flexibility than security. Since this is the only feature that I need that is on the $499 os x server I don't want to purchase that server for that one little feature that is common in windows and past mac operating systems.I hope future os upgrades will restore this option. Thank You
  If anyone knows of a workaround or shareware app that would help. that would be great. Thanks

  Supposedly this can be done in the CLI using chmod. There's no way to do it in the Finder. I've played around with chmod on this, but haven't had much success yet. I'm still researching it myself.
  Does anyone have any better suggestions? Thus far, I'm having trouble finding out exactly how to write the chmod line to do this.
  Exactly what I'm dealing with is an OS X 10.5 client machine (NOT a server) on which I want to set up a shared folder. It's a graphics folder on an Active Directory domain. What's happening is when different users modify files in that folder, the permissions get all out of whack, and some people can make edits to some files when others can't. I have to keep going in and have permissions from the root folder inherit down, but that only works that once. I need it set to continually inherit from that root folder so that a particular ground defined in Active Directory will always have read/write access to the files and folders contained within.
  I've also read something that said that OS X doesn't support dynamic inheritance, meaning that even if I sets up inheritance on a folder, it only applies to a folder or file is created; but if I change the permissions on the root folder, it won't change anything that currently exists in the files/folders below it. Is this true?
  - John

• Is there a way to have separate permissions between Server app and Profile manager?

  I'm running OS X 10.10.1 (Yosemite) with Server app 4.0 installed.
  I am a System Administrator for a University. I want to give our college techs the ability to manage Profile Manager, but if I grant them Admin rights on the Apple server they will also have access to the Server app, if they have the server app installed on their computer.
  Is there a way to limit access to the Server app, but allow certain individuals admin right to Profile Manager?

  This provides instructions:
  How to use multiple iPods, iPads, or iPhones with one computer

• Split Permissions for Server Configuration

  I'm currently migrating our organization to Exchange 2010. We have 3 different Exchange servers worldwide and different administrators for each. I'm trying to give the other 2 remote sites "Server Configuration" administration so that they may
  manage their own Databases and Receive connectors, etc.
  When I give their users the Server Configuration rights in RBAC, it's giving them rights to edit databases in ALL locations, not just their own.  And this is when I have the scope set to only their OU which contains their server.
  Is there a way for me to give them rights to only their server configuration and not all of the servers in the organization?

  I've given the remote admin account "Administer Data Store" rights in ADSIEdit at the server level, however they are still unable to make any database changes, everything is locked.  Does anyone know exactly what rights are required for users
  to make changes to DB's, add DB's, etc. on their server?
  EDIT:  OK, I've got my answer after a little digging around.  This is just for reference:
  First I found this article which specifies how to make a custom write scope for specific DB's.  This is great, except for the fact that I want full Server management including Receive Connectors, Virtual Directories, etc.
  http://social.technet.microsoft.com/Forums/exchange/en-US/d07dbae1-0187-4a71-8798-4471f331f2c8/exchange-2010-rbac-database-and-server-customwritescope?forum=exchange2010
  So I found another article on TechNet which talks about writing a custom write scope for a Server.
  http://technet.microsoft.com/en-us/library/dd335146(v=exchg.150).aspx
  And here's more detail on the actual command and how to point it to the correct AD Site.
  http://technet.microsoft.com/en-us/library/dd335137(v=exchg.150).aspx
  So in the end, I created two write scopes for two of our remote sites that have Exchange Servers.  Then I copied the "Server Management" RBAC role and forced the custom Server Scope I defined.  The result is exactly what I want, they
  have full server management but only within their own scope.  Any changes outside of the scope on a different server get a Denied message.
  Thanks for all the responses.

• How to get all permissions on server level and project collection level via tfs java sdk?

  i need to list project-collection level's permission and project level's permission on my project. now i have connected to tfs and i have got project collection list and user list via tfs java sdk. but i can't find the way to get the permission name list
  and permission list. how can i do to get that?
  i have checked the database, and find that the actions have some discrepancies with the tbl_securityaction'data.
  Can anyone give me some advice on that?
  davy

  David, Thanks for your reply.
  I have test the code above, but still get error. here is my code:
  final TFSTeamProjectCollection tpc = SnippetSettings.connectToTFS();
  final DefaultClientFactory factory = new DefaultClientFactory();
  final IIdentityManagementService2 ims = (IIdentityManagementService2)factory.newClient(IIdentityManagementService2.class, tpc);
  final String scopeId = null;
  final String[] propertyNameFilters = null;
  TeamFoundationIdentity[] appGroups = ims.listApplicationGroups(scopeId, ReadIdentityOptions.EXTENDED_PROPERTIES, propertyNameFilters, IdentityPropertyScope.BOTH);
  error message:
  java.lang.NullPointerException
  at com.microsoft.tfs.core.clients.webservices.IdentityManagementService2.listApplicationGroups(IdentityManagementService2.java:92).
  davy

• Users and permissions for a small home server

  Hello community,
  I have been using Linux on the desktop for many years now, but unfortunately my knowledge about servers is very limited, almost non-existent. Therefore my question is most probably equally well fitting here and into the newbie corner.
  I'm trying to set up a little home server which should be in charge of following tasks:
  - CUPS print server in the local network
  - access to shared files through NFS in the local network
  - backup (again over NFS)
  - an Owncloud server
  - maybe a mail server in the long run (NSA, paranoia, etc. )
  For now I have set up the print server, the NFS server and was working on the Owncloud installation, when Owncloud gave me some errors with users and permissions. So I was led to the idea of rethinking the users and permissions on server. So far there is only the root user who may do everything. This seems like a quite unsafe configuration. I'd like to make it safer. First, the printer, the backup and the locally shared files should be accessible from the local network only. SSH access should also be accessible locally only. The Owncloud file folder should be accessible from the internet, but of course only for the Owncloud users registered to the Owncloud server.
  What is the best way to set up users and permissions for such a set up?
  Thanks for any hints,
  PhotonX

  Hi, i think it depends who are you serving for, if you are just serving for a small office or home server or a big organization. The following quick thinking just came to me:
  I think cups set automatically a system  user of its own, and runs as it, so no trouble there. Cups also has the option to set users and it uses the system users as default, i think it depends in in how many printers/users your have in your server.Users that can manage cups are in the lp group. 
  For nfs every user should have their home, samba is also a good option if you have  windows computer in your network and it integrates better with graphical file  managers like nautilus in the clients side, but it is a hassle to configure.
  You should run the web server (owncloud ) as it own user, maybe you can manage to set something up for owncloud in the filesystem, but owncloud uses a database, and the users for owncloud are stored in there, and they are not system users.
  You can configure ssh for local use only enabling the corresponding subnets in your /etc/sshd.conf and optionally but recommended you can set a firewall and permissions. You can use iptables but i prefer ufw for simple setup.
  I think you should read the wiki:
  https://wiki.archlinux.org/index.php/users_and_groups
  and the other respective topics in the wiki.
  Also as an advice i know that arch linux is a great distribution, but you have to do more work to mantain a stable server. I would recommend debian or another more conservative distro, but of course it is your choice.
  Last edited by hydrosIII (2014-11-06 06:26:45)

• Multiple websites on one server

  I've been trying to create multiple (two) websites on one server, with little luck. One sight works fine. I've tried creating a DNS entry for the new one, but I'm not sure what to set the IP to. I've tried many configurations of IP/hostname but nothing seems to work. Occasionally, the logs just disappear from the logs window.
  I've read on here that it's possible to run multiple sites off of one IP, so I feel like that is not the problem. Ideally, I'd like to have one of the sites not exist in the System/WebServer folder. If I place the site folder outside of that folder, do I have to add its folder as a share point and/or modify its permissions?
  Server version is 10.6.3

  I'm going to distinguish the web browser (client), the web server, and the DNS server here, and will treat these as running on three separate computers. You might have one or more of those co-located on one box, adjust these references to your configuration as necessary.
  The DNS translations are applicable only on the client; on the host box that is running with the web browser. The web server doesn't care about the DNS translation. The client needs the DNS to get the IP address of the web server, and it's off to the races from there.
  Again, DNS translations are not relevant the web server. The particular web server that gets selected (Apache Virtual Host, what Apple calls a "Site") based on some information that is passed within the http (don't start working with https quite yet) connection from the web browser into the web server.
  As for your DNS question, you'll probably want a CNAME (alias) entered in DNS database for the virtual hosts, even if you're awash with IP addresses. That alias must then match the name of the web server "Site". For testing, you can enter what amounts to CNAMES into /etc/hosts on the client, depending on your local set-up and your DNS server.
  By default, the connections to all virtual hosts are via port 80. Stay there for now.
  The web server selections are sensitive to the order of the "Sites" in the listing in Server Admin, too; you'll want the wildcard site (if you have that) at the end of the list.
  Here are some of the basics: [Apache Tips: One Web Server, Multiple Distinct Web Sites|http://labs.hoffmanlabs.com/node/1282]. Comments on that are welcome.

• Unknown SQL Exception 208 occurred. Additional error information from SQL Server is included below.Invalid object name 'Webs'.

  SP 2013 Server + Dec 2013 CU. Upgrading from SharePoint 2010.
  We have a web application that is distributed over 7-8 content databases from SharePoint 2010. All but one database are upgradable. However, one database gives:
  Invalid object name 'Webs'.
  while running Test-SPContentDatabase or Mount-SPContentDatabase.
  EventViewer has the following reporting 5586 event Id:
  Unknown SQL Exception 208 occurred. Additional error information from SQL Server is included below.Invalid object name 'Webs'.
  After searching a bit, these links do not help:
  http://social.technet.microsoft.com/Forums/sharepoint/en-US/fd020a41-51e6-4a89-9d16-38bff9201241/invalid-object-name-webs?forum=sharepointadmin
  we are trying PowerShell only.
  http://blog.thefullcircle.com/2013/06/mount-spcontentdatabase-and-test-spcontentdatabase-fail-with-either-invalid-object-name-sites-or-webs/
  In our case, these are content databases. This is validated from Central Admin.
  http://sharepointjotter.blogspot.com/2012/08/sharepoint-2010-exception-invalid.html
  Our's is SharePoint 2013
  http://zimmergren.net/technical/findbestcontentdatabaseforsitecreation-problem-after-upgrading-to-sharepoint-2013-solution
  Does not seem like the same exact problem.
  Any additional input?
  Thanks, Soumya | MCITP, SharePoint 2010

  Hi,
  “All but one database are upgradable. However, one database gives:
  Invalid object name 'Webs'.”
  Did the sentence you mean only one database not upgrade to SharePoint 2013 and given the error?
  One or more of the following might be the cause:
  Insufficient SQL Server database permissions
  SQL Server database is full
  Incorrect MDAC version
  SQL Server database not found
  Incorrect version of SQL Server
  SQL Server collation is not supported
  Database is read-only
  To resolve the issue, you can refer to the following article which contains the causes and resolutions.
  http://technet.microsoft.com/en-us/library/ee513056(v=office.14).aspx
  Thanks,
  Jason
  Forum Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Jason Guo
  TechNet Community Support

• "Not an executable or is a link" errors when starting Messaging Server

  "Not an executable or is a link" errors when starting Messaging Server
  <P>
  If Calendar Server 3.x has been installed to the same server root
  as Messaging server, it is possible that the command 'NscpMail start'
  to restart the server will return a string of errors:
  # /etc/NscpMail start
  19971207145610:Dispatch:Notification:Local Module
  (Account-Handler) is not a n executable or is a link.
  Module not loaded.
  19971207145610:Dispatch:Notification:Local Module
  (Account-Manager) is not a n executable or is a link.
  Module not loaded.
  19971207145610:Dispatch:Notification:Local Module
  (AutoReply-Handler) is not an executable or is a link.
  Module not loaded.
  19971207145610:Dispatch:Notification:Local Module
  (Configuration-Manager) is not an executable or is a link.
  Module not loaded.
  19971207145610:Dispatch:Notification:Local Module
  (Error-Handler) is not an executable or is a link.
  Module not loaded.
  19971207145610:Dispatch:Notification:Local Module
  (Mailbox-Deliver) is not an executable or is a link.
  Module not loaded.
  19971207145610:Dispatch:Notification:Local Module
  (Program-Deliver) is not an executable or is a link.
  Module not loaded.
  19971207145610:Dispatch:Notification:Local Module
  (SMTP-Deliver) is not an executable or is a link.
  Module not loaded.
  19971207145610:Dispatch:Notification:Local Module
  (SMTP-Router) is not an executable or is a link.
  Module not loaded.
  19971207145610:Dispatch:Notification:Local Module
  (UNIX-Deliver) is not an executable or is a link.
  Module not loaded.
  19971207145610:Dispatch:Notification:Network Module
  (Finger-Server) is not an executable or is a link.
  Module not loaded.
  19971207145610:Dispatch:Notification:Network Module
  (IMAP4-Server) is not an executable or is a link.
  Module not loaded.
  19971207145610:Dispatch:Notification:Network Module
  (POP3-Server) is not an executable or is a link.
  Module not loaded.
  19971207145610:Dispatch:Notification:Network Module
  (SMTP-Accept) is not an executable or is a link.
  Module not loaded.
  Startup Problem:
  Module Error-Handler is required for proper operation.
  Netscape Messaging Server Exiting!
  The Calendar server 3.x installation may have changed the permissions
  on [server-root]/bin directory from 755 to 750. Simply issue the
  command (as root) 'chmod 755 [server-root]/bin' and then start
  the server with the 'NscpMail start' command, and it should start
  without a problem.

  "Not an executable or is a link" errors when starting Messaging Server
  <P>
  If Calendar Server 3.x has been installed to the same server root
  as Messaging server, it is possible that the command 'NscpMail start'
  to restart the server will return a string of errors:
  # /etc/NscpMail start
  19971207145610:Dispatch:Notification:Local Module
  (Account-Handler) is not a n executable or is a link.
  Module not loaded.
  19971207145610:Dispatch:Notification:Local Module
  (Account-Manager) is not a n executable or is a link.
  Module not loaded.
  19971207145610:Dispatch:Notification:Local Module
  (AutoReply-Handler) is not an executable or is a link.
  Module not loaded.
  19971207145610:Dispatch:Notification:Local Module
  (Configuration-Manager) is not an executable or is a link.
  Module not loaded.
  19971207145610:Dispatch:Notification:Local Module
  (Error-Handler) is not an executable or is a link.
  Module not loaded.
  19971207145610:Dispatch:Notification:Local Module
  (Mailbox-Deliver) is not an executable or is a link.
  Module not loaded.
  19971207145610:Dispatch:Notification:Local Module
  (Program-Deliver) is not an executable or is a link.
  Module not loaded.
  19971207145610:Dispatch:Notification:Local Module
  (SMTP-Deliver) is not an executable or is a link.
  Module not loaded.
  19971207145610:Dispatch:Notification:Local Module
  (SMTP-Router) is not an executable or is a link.
  Module not loaded.
  19971207145610:Dispatch:Notification:Local Module
  (UNIX-Deliver) is not an executable or is a link.
  Module not loaded.
  19971207145610:Dispatch:Notification:Network Module
  (Finger-Server) is not an executable or is a link.
  Module not loaded.
  19971207145610:Dispatch:Notification:Network Module
  (IMAP4-Server) is not an executable or is a link.
  Module not loaded.
  19971207145610:Dispatch:Notification:Network Module
  (POP3-Server) is not an executable or is a link.
  Module not loaded.
  19971207145610:Dispatch:Notification:Network Module
  (SMTP-Accept) is not an executable or is a link.
  Module not loaded.
  Startup Problem:
  Module Error-Handler is required for proper operation.
  Netscape Messaging Server Exiting!
  The Calendar server 3.x installation may have changed the permissions
  on [server-root]/bin directory from 755 to 750. Simply issue the
  command (as root) 'chmod 755 [server-root]/bin' and then start
  the server with the 'NscpMail start' command, and it should start
  without a problem.